公开(公告)号：US10193925B2

公开(公告)日：2019-01-29

申请号：US14976143

申请日：2015-12-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jun Hu ,  Xinghua Guan

IPC: H04L29/06

Abstract: An anti-replay method and apparatus are provided. The same maximum agreed value is set at a transmit end and a receive end. The receive end receives an Internet Protocol Security (IPSec) packet, where the IPSec packet includes a sequence number, and acquires an upper limit value of an anti-replay sliding window. If the upper limit value of the anti-replay sliding window is the maximum agreed value, the receive end sets an interval of the anti-replay sliding window to M1 to M2, where M1 is a minimum value of the packet sequence number, and M2 is a sum of M1 and a size of the anti-replay sliding window. When a sequence number of a packet sent by the transmit end reaches a maximum value, a sequence number of a next sent packet starts from the minimum value, thereby resolving a problem that a packet is falsely discarded because of anti-replay.

公开(公告)号：US20160182453A1

公开(公告)日：2016-06-23

申请号：US14976143

申请日：2015-12-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jun Hu ,  Xinghua Guan

IPC: H04L29/06

CPC classification number: H04L63/164

Abstract: An anti-replay method and apparatus are provided. The same maximum agreed value is set at a transmit end and a receive end. The receive end receives an Internet Protocol Security (IPSec) packet, where the IPSec packet includes a sequence number, and acquires an upper limit value of an anti-replay sliding window. If the upper limit value of the anti-replay sliding window is the maximum agreed value, the receive end sets an interval of the anti-replay sliding window to M1 to M2, where M1 is a minimum value of the packet sequence number, and M2 is a sum of M1 and a size of the anti-replay sliding window. When a sequence number of a packet sent by the transmit end reaches a maximum value, a sequence number of a next sent packet starts from the minimum value, thereby resolving a problem that a packet is falsely discarded because of anti-replay.

Abstract translation: 提供了一种防重放方法和装置。 在发送端和接收端设置相同的最大约定值。 接收端收到IPSec报文，IPSec报文中包含序列号，获取反重放滑窗的上限值。 如果反重放滑动窗口的上限值是最大约定值，则接收端将反向重放滑动窗口的间隔设置为M1到M2，其中M1是分组序列号的最小值，M2 是M1的总和和反重播滑动窗口的大小。 当由发送端发送的分组的序列号达到最大值时，下一个发送分组的序列号从最小值开始，从而解决了由于反重放而使分组被错误地丢弃的问题。